Overview

overview

10

Static

static

AVISO_EMBA...65.exe

windows7_x64

10

AVISO_EMBA...65.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AVISO_EMBARGO303567026277651539765994245587651929741560255500699198515083040145011388425175434365.exe

  • Size

    340KB

  • Sample

    210422-qjv9pdt3sn

  • MD5

    aaa6aa1377d72fc1ea508c350ffc24b1

  • SHA1

    e11c49acc9cf51ce5764a958e25d916626c6f277

  • SHA256

    9e8f66b8b33410b501b3ec75b4b217defbfc1336b5017ad04ed25d28ef94eb5a

  • SHA512

    89db27daca28a4cca910b9651b0d893eb96d5ca5a77c4dc2f95cc81daaa868268d6b012b438a8228627692a795fcd940c89de7881bbad3cc5706e45cbc937eac

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

2.11

C2

176.111.174.67/7Ndd3SnW/index.php

Targets

    • Target

      AVISO_EMBARGO303567026277651539765994245587651929741560255500699198515083040145011388425175434365.exe

    • Size

      340KB

    • MD5

      aaa6aa1377d72fc1ea508c350ffc24b1

    • SHA1

      e11c49acc9cf51ce5764a958e25d916626c6f277

    • SHA256

      9e8f66b8b33410b501b3ec75b4b217defbfc1336b5017ad04ed25d28ef94eb5a

    • SHA512

      89db27daca28a4cca910b9651b0d893eb96d5ca5a77c4dc2f95cc81daaa868268d6b012b438a8228627692a795fcd940c89de7881bbad3cc5706e45cbc937eac

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks